Issue: Local Manager (LM) offboarding fails with a revision mismatch error when the default malicious IP group has been modified on the Local Manager prior to offboarding.
Symptoms:
https://<IP>/policy/api/v1/infra/site/offboarding-status
{
"status": "TERMINAL_FAILED",
"message": "Site offboarding failed at the final stage. Stage will be retried. Error: null",
"resource_type": "SiteOffBoardingState",
"id": "site-offboarding-state",
"display_name": "site-offboarding-state",
"path": "/infra/site-offboarding-state",
"relative_path": "site-offboarding-state",
"remote_path": "",
"unique_id": "d09acbc0-9f24-4d9d-8154-90bd65b2c2db",
"realization_id": "d09acbc0-9f24-4d9d-8154-90bd65b2c2db",
"owner_id": "c2db2d8c-8acb-430d-aab6-1d20bba9a2ef",
"marked_for_delete": false,
"overridden": false,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_time": 1759490811181,
"_create_user": "'globalmanageridentity'",
"_last_modified_time": 1760364758897,
"_last_modified_user": "system",
"_revision": 345236
}
Environment: NSX 4.x
The root cause is that, during offboarding, a process attempts to recreate the malicious IP group with revision 0. It does not check whether the group already exists with a higher revision number, which leads to a revision mismatch error when the group was previously modified on the LM.
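The failure mode described above, as an added example that is not NSX code and not part of the original article: a simplified in-memory model of revision-checked writes, showing a blind recreate with revision 0 beside a recreate that reads the stored revision first. The store, the function names, the object path and the `ip_addresses` field are assumptions made for illustration.

```python
"""Simplified model of revision-checked writes (constructed; not NSX code)."""


class RevisionMismatch(Exception):
    pass


class PolicyStore:
    """Hypothetical store: a write must carry the revision currently stored."""

    def __init__(self):
        self._objects = {}

    def get(self, path):
        obj = self._objects.get(path)
        return dict(obj) if obj else None

    def put(self, path, body):
        current = self._objects.get(path)
        expected = current["_revision"] if current else 0
        sent = body.get("_revision", 0)
        if sent != expected:
            raise RevisionMismatch(f"{path}: sent {sent}, stored {expected}")
        stored = dict(body)
        # A new object starts at revision 0; each update increments it.
        stored["_revision"] = expected + 1 if current else 0
        self._objects[path] = stored
        return dict(stored)


def recreate_blindly(store, path, ips):
    # The described defect: always write revision 0, never look at the store.
    return store.put(path, {"ip_addresses": ips, "_revision": 0})


def recreate_with_check(store, path, ips):
    # Read first, then write with whatever revision the object has now.
    existing = store.get(path)
    revision = existing["_revision"] if existing else 0
    return store.put(path, {"ip_addresses": ips, "_revision": revision})


def demo(modified_before_offboarding):
    path = "/constructed/malicious-ip-group"  # placeholder path
    store = PolicyStore()
    store.put(path, {"ip_addresses": ["192.0.2.1"], "_revision": 0})
    if modified_before_offboarding:
        store.put(path, {"ip_addresses": ["192.0.2.1", "192.0.2.2"], "_revision": 0})
    try:
        recreate_blindly(store, path, [])
        blind = "ok"
    except RevisionMismatch:
        blind = "revision mismatch"
    return blind, recreate_with_check(store, path, [])["_revision"]
```

In this model the blind write succeeds only while the group is still at revision 0, which matches the article's condition that the error appears when the group was modified before offboarding.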
This issue has been fixed in NSX 9.0.
If you encounter this issue, please open a Support Request with the Broadcom Technical Support team (VMware vDefend Firewall) and reference this Knowledge Base article for quicker assistance.